167 matches found
CVE-2026-41499
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parse_uname_string() in remoted_op.c. This function processes OS identification data from agents and...
CVE-2018-25382 Zechat 1.5 SQL Injection via uname Parameter
Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column...
CVE-2018-25382
Zechat 1.5 contains an SQL injection in the uname parameter that allows unauthenticated attackers to extract database information by injecting SQL through profile.php. The described payloads use UNION-based injections to enumerate table names, column names, and sensitive data from information_sch...
PT-2026-44860
Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column...
CVE-2026-41499 Wazuh: Multiple Heap-based NULL WRITE Buffer Underflows in parse_uname_string()
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parse_uname_string() in remoted_op.c. This function processes OS identification data from agents and...
CVE-2026-41499
CVE-2026-41499 (Wazuh) affects Wazuh releases from 4.0.0 up to, but not including, 4.14.4. The vulnerability is in parse_uname_string() (remoted_op.c), where four code paths write to strlen(ptr) - 1 without checking for empty strings, causing an unsigned underflow (0 - 1 → SIZE_MAX) and a write before the alloca...
EUVD-2026-26272
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parse_uname_string() in remoted_op.c. This function processes OS identification data from agents and...
PT-2026-35968
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parse_uname_string() in remoted_op.c. This function processes OS identification data from agents a...
Wazuh Security Vulnerability
Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. Versions of Wazuh from 4.0.0 to 4.14.4 contained security vulnerabilities. These...
CVE-2026-5368
A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes SQL injection. Remote exploitation of the attack is possible. The exploit h...
CVE-2026-5368
CVE-2026-5368 affects projectworlds Car Rental Project 1.0. The vulnerable element is an unknown function in the file /login.php of the Parameter Handler; manipulating the uname argument enables an SQL injection. Exploitation is remote and has been publicly disclosed. Multiple sources (NVD, Red H...
CVE-2026-5368 projectworlds Car Rental Project Parameter login.php sql injection
A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes SQL injection. Remote exploitation of the attack is possible. The exploit h...
PT-2026-29859
A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes SQL injection. Remote exploitation of the attack is possible. The exploit h...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000848)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000848 advisory. The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a unam...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002513)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002513 advisory. The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a unam...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001788)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001788 advisory. The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a unam...